Because of something called FERPA (Federal Student Privacy Act) I had written a script that goes through our Students OU and removes the ACE for Authenticated Users. This prevented the students private information from being viewable by non-admin staff.
Now I have been given a better view for our identity system to use that includes a FERPA flag. So instead of treating all 20,000 students as FERPA (and having to remove the AuthUser ACE) I only need to treat those that have asked for FERPA protection (about 3% of the student body). So I need to go back through all the student accounts and restore the Auth User ACE and only remove it from the FERPA students (which I've separated into a sub-ou of students). I tried to do this with .Net but had some difficulties. Anyone have a good quick way to do this? Steve Evans List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/